Lucene search

MitreCVE-2015-3395

HistoryJun 16, 2015 - 4:59 p.m.

CVE-2015-3395

2015-06-1616:59:04

CWE-119

mitre

web.nvd.nist.gov

cve-2015-3395

remote code execution

libav

ffmpeg

msrle_decode_pal4

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch12.04lts

Node

ffmpegffmpegMatch2.0.6

ffmpegffmpegMatch2.2.0

ffmpegffmpegMatch2.2.1

ffmpegffmpegMatch2.2.2

ffmpegffmpegMatch2.2.3

ffmpegffmpegMatch2.2.4

ffmpegffmpegMatch2.2.5

ffmpegffmpegMatch2.2.6

ffmpegffmpegMatch2.2.7

ffmpegffmpegMatch2.2.8

ffmpegffmpegMatch2.2.9

ffmpegffmpegMatch2.2.10

ffmpegffmpegMatch2.2.11

ffmpegffmpegMatch2.2.12

ffmpegffmpegMatch2.2.13

ffmpegffmpegMatch2.2.14

ffmpegffmpegMatch2.4.0

ffmpegffmpegMatch2.4.1

ffmpegffmpegMatch2.4.2

ffmpegffmpegMatch2.4.3

ffmpegffmpegMatch2.4.4

ffmpegffmpegMatch2.4.5

ffmpegffmpegMatch2.4.6

ffmpegffmpegMatch2.4.7

ffmpegffmpegMatch2.5.0

ffmpegffmpegMatch2.5.1

ffmpegffmpegMatch2.5.2

ffmpegffmpegMatch2.5.3

ffmpegffmpegMatch2.5.4

ffmpegffmpegMatch2.5.5

ffmpegffmpegMatch2.6.0

ffmpegffmpegMatch2.6.1

Node

libavlibavRange≤10.6

libavlibavMatch11.0

libavlibavMatch11.1

libavlibavMatch11.2

libavlibavMatch11.3

VendorProductVersionCPE
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
ffmpegffmpeg2.0.6cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*
ffmpegffmpeg2.2.0cpe:2.3:a:ffmpeg:ffmpeg:2.2.0:*:*:*:*:*:*:*
ffmpegffmpeg2.2.1cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:*:*:*:*:*:*:*
ffmpegffmpeg2.2.2cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:*:*:*:*:*:*:*
ffmpegffmpeg2.2.3cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:*:*:*:*:*:*:*
ffmpegffmpeg2.2.4cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*
ffmpegffmpeg2.2.5cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:*:*:*:*:*:*:*
ffmpegffmpeg2.2.6cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:*:*:*:*:*:*:*
ffmpegffmpeg2.2.7cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
ffmpeg	ffmpeg	2.0.6	cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:::::::*
ffmpeg	ffmpeg	2.2.0	cpe:2.3:a:ffmpeg:ffmpeg:2.2.0:::::::*
ffmpeg	ffmpeg	2.2.1	cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:::::::*
ffmpeg	ffmpeg	2.2.2	cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:::::::*
ffmpeg	ffmpeg	2.2.3	cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:::::::*
ffmpeg	ffmpeg	2.2.4	cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:::::::*
ffmpeg	ffmpeg	2.2.5	cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:::::::*
ffmpeg	ffmpeg	2.2.6	cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:::::::*
ffmpeg	ffmpeg	2.2.7	cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:::::::*